Category

Burp Enterprise and Extensions support

Hi,
does the Burp Enterprise support extensions (from BApp store)? Or is this support in development roadmap?
thanks
pavel

Liam, PortSwigger Agent |
Last updated: Jan 31, 2019 10:39AM UTC

Pavel, we have this logged in our development backlog. Unfortunately, we can't provide an ETA.

Burp User |
Last updated: Jun 03, 2019 06:19PM UTC

Hi there,
Just wondering if an ETA can be provided, now that it's been a few months.We're interested in using BApp extensions for Enterprise as well.
Thanks,
DC

Liam, PortSwigger Agent |
Last updated: Jun 05, 2019 12:49PM UTC

Unfortunately, we can't provide an ETA.

Burp User |
Last updated: Jan 07, 2020 07:21AM UTC

It's been almost one year now. Do we have an ETA on this?

Hannah, PortSwigger Agent |
Last updated: Jan 07, 2020 09:06AM UTC

This feature is now on our roadmap. We are still unable to provide an ETA.

Tim |
Last updated: May 14, 2020 03:26PM UTC

Any update on this feature? This is something we are interested in as well.

Uthman, PortSwigger Agent |
Last updated: May 14, 2020 03:52PM UTC

The Enterprise team is still in the process of deciding which extensions will be compatible. We should hopefully release this feature by the latter half of this year.

Tim |
Last updated: May 14, 2020 04:18PM UTC

Our goal is to incorporate feed back from penetration testing reports from 3rd party vendors in to extensions to provide positive confirmation the issue has been resolved. So having the ability to develop custom extensions is key to that capability.

Thomas |
Last updated: May 26, 2020 02:32PM UTC

We would be heavily interested in this feature as well. Especially regarding the definition of additional intruder payloads and integration of custom active and pssive scans.

Uthman, PortSwigger Agent |
Last updated: May 26, 2020 02:46PM UTC

Thank you for your interest. Burp Intruder is out of scope for this. The implementation of that in Enterprise would be a much larger undertaking. The initial phase in supporting extensions is still being assessed but this will likely include adding extensions that interact with the scanner (at least initially, anyway).